PHP Login System
2 min read
A complete, secure PHP login and registration system using PDO, sessions, and password hashing.
1 - Database Table
CREATE TABLE users (
id INT AUTO_INCREMENT PRIMARY KEY,
email VARCHAR(255) UNIQUE NOT NULL,
password VARCHAR(255) NOT NULL,
created_at DATETIME DEFAULT CURRENT_TIMESTAMP
);2 - Register
function register(PDO $pdo, string $email, string $password): bool {
$stmt = $pdo->prepare("SELECT id FROM users WHERE email = ?");
$stmt->execute([$email]);
if ($stmt->fetch()) return false; // already exists
$hash = password_hash($password, PASSWORD_DEFAULT);
$pdo->prepare("INSERT INTO users (email, password) VALUES (?, ?)")->execute([$email, $hash]);
return true;
}3 - Login
function login(PDO $pdo, string $email, string $password): bool {
$stmt = $pdo->prepare("SELECT * FROM users WHERE email = ?");
$stmt->execute([$email]);
$user = $stmt->fetch(PDO::FETCH_ASSOC);
if ($user && password_verify($password, $user["password"])) {
session_start();
session_regenerate_id(true);
$_SESSION["user_id"] = $user["id"];
$_SESSION["email"] = $user["email"];
return true;
}
return false;
}4 - Auth Guard
function requireLogin(): void {
if (session_status() === PHP_SESSION_NONE) session_start();
if (empty($_SESSION["user_id"])) {
header("Location: /login.php");
exit;
}
}5 - Logout
function logout(): void {
session_start();
$_SESSION = [];
session_destroy();
setcookie(session_name(), "", time() - 3600, "/", "", true, true);
header("Location: /login.php");
exit;
}
Related Tutorials:
- PHP OOP Introduction
- PHP Classes and Objects
- PHP Access Modifiers
- PHP Inheritance
- PHP Abstract Classes
- PHP Interfaces
- PHP Traits
- PHP Namespaces
- PHP Constructor and Destructor
- PHP Magic Methods
- PHP Exceptions and Error Handling
- PHP PDO Database
- PHP CRUD Operations
- PHP Password Hashing
- PHP REST API
- PHP Composer and Autoloading
- PHP Design Patterns
- PHP Type System
- PHP Best Practices